6c2a5fa538
- Resolves: RHEL-49452 Include latest fixes in python3-ipatests packages - Resolves: RHEL-49433 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases - Resolves: RHEL-49432 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-49413 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-47157 ipa-migrate -V options fails to display version - Resolves: RHEL-47148 Pagure #9629: Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-40892 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
From 4ea1ad6acae910574a524403bc82c80d24b525d6 Mon Sep 17 00:00:00 2001
|
|
From: Mohammad Rizwan <myusuf@redhat.com>
|
|
Date: Thu, 13 Jun 2024 14:07:57 +0530
|
|
Subject: [PATCH] ipatests: tests related to --token-password-file
|
|
|
|
Test automation added around the --token-password-file
|
|
option for server/replica/kra install.
|
|
|
|
Related: https://pagure.io/freeipa/issue/9603
|
|
|
|
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
---
|
|
ipatests/test_integration/test_hsm.py | 85 ++++++++++++++++++++++++---
|
|
1 file changed, 77 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/ipatests/test_integration/test_hsm.py b/ipatests/test_integration/test_hsm.py
|
|
index b49af12492f7dce4bd41836b220d75d9fc99b5c2..3a33c3bda6d072aa16e361b04ac2d668902bb0e9 100644
|
|
--- a/ipatests/test_integration/test_hsm.py
|
|
+++ b/ipatests/test_integration/test_hsm.py
|
|
@@ -163,6 +163,7 @@ class BaseHSMTest(IntegrationTest):
|
|
master_extra_args = []
|
|
token_password = None
|
|
token_name = None
|
|
+ token_password_file = '/tmp/token_password'
|
|
random_serial = False
|
|
|
|
@classmethod
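Review bot: `token_password_file = '/tmp/token_password'` puts the HSM token password at a fixed, predictable path in a world-writable directory, and none of the visible hunks restrict the file's permissions or remove it after the tests. Depending on the mode put_file_contents applies, other local accounts on the test host may be able to read the secret or pre-create the path. A per-run path created on the host, readable by root only and deleted in the class teardown, would avoid that. The same literal is repeated in TestHSMNegative further down; one module-level constant would keep the two in sync.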
|
|
@@ -191,7 +192,7 @@ class BaseHSMTest(IntegrationTest):
|
|
delete_hsm_token([cls.master] + cls.replicas, cls.token_name)
|
|
|
|
@classmethod
|
|
- def sync_tokens(cls, source):
|
|
+ def sync_tokens(cls, source, token_name=None):
|
|
"""Synchronize non-networked HSM tokens between machines
|
|
source: source host for the token data
|
|
"""
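Review bot: The sync_tokens docstring still documents only `source`; the new parameter needs a line such as `token_name: token to copy, defaults to cls.token_name`. In the next hunk the fallback `token_name if token_name else cls.token_name` can be written as `token_name or cls.token_name`. The method body continues outside this hunk.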
|
|
@@ -207,7 +208,8 @@ class BaseHSMTest(IntegrationTest):
|
|
for host in [cls.master] + cls.replicas:
|
|
if host == source:
|
|
continue
|
|
- copy_token_files(source, [host], cls.token_name)
|
|
+ copy_token_files(source, [host],
|
|
+ token_name if token_name else cls.token_name)
|
|
|
|
|
|
class TestHSMInstall(BaseHSMTest):
|
|
@@ -218,6 +220,10 @@ class TestHSMInstall(BaseHSMTest):
|
|
|
|
def test_hsm_install_replica0_ca_less_install(self):
|
|
check_version(self.master)
|
|
+
|
|
+ self.master.put_file_contents(
|
|
+ self.token_password_file, self.token_password
|
|
+ )
|
|
tasks.install_replica(
|
|
self.master, self.replicas[0], setup_ca=False,
|
|
setup_dns=True,
|
|
@@ -307,6 +313,50 @@ class TestHSMInstall(BaseHSMTest):
|
|
assert returncode == 0
|
|
assert output == "No issues found."
|
|
|
|
+ def test_hsm_install_server_password_file(self):
|
|
+ check_version(self.master)
|
|
+ # cleanup before fresh install with password file
|
|
+ for client in self.clients:
|
|
+ tasks.uninstall_client(client)
|
|
+
|
|
+ for replica in self.replicas:
|
|
+ tasks.uninstall_master(replica)
|
|
+
|
|
+ tasks.uninstall_master(self.master)
|
|
+
|
|
+ delete_hsm_token([self.master] + self.replicas, self.token_name)
|
|
+ self.token_name, self.token_password = get_hsm_token(self.master)
|
|
+ self.master.put_file_contents(self.token_password_file,
|
|
+ self.token_password)
|
|
+ self.replicas[0].put_file_contents(self.token_password_file,
|
|
+ self.token_password)
|
|
+
|
|
+ tasks.install_master(
|
|
+ self.master, setup_dns=self.master_with_dns,
|
|
+ setup_kra=self.master_with_kra,
|
|
+ setup_adtrust=self.master_with_ad,
|
|
+ extra_args=(
|
|
+ '--token-name', self.token_name,
|
|
+ '--token-library-path', hsm_lib_path,
|
|
+ '--token-password-file', self.token_password_file
|
|
+ )
|
|
+ )
|
|
+ self.sync_tokens(self.master, token_name=self.token_name)
|
|
+
|
|
+ def test_hsm_install_replica0_password_file(self):
|
|
+ check_version(self.master)
|
|
+ tasks.install_replica(
|
|
+ self.master, self.replicas[0], setup_ca=True,
|
|
+ extra_args=('--token-password-file', self.token_password_file,)
|
|
+ )
|
|
+
|
|
+ def test_hsm_install_replica0_kra_password_file(self):
|
|
+ check_version(self.master)
|
|
+ tasks.install_kra(
|
|
+ self.replicas[0],
|
|
+ extra_args=('--token-password-file', self.token_password_file,)
|
|
+ )
|
|
+
|
|
|
|
class TestHSMInstallADTrustBase(BaseHSMTest):
|
|
"""
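Review bot: In test_hsm_install_server_password_file, `self.token_name, self.token_password = get_hsm_token(self.master)` rebinds the values on the test instance only. pytest normally creates a new instance per test method, so classmethods that read `cls.token_name` (for example the `delete_hsm_token(..., cls.token_name)` call visible in the second hunk) would presumably still see the old token name. If so, the token created here and the password files written to the master and replicas[0] are left behind after the class finishes. Assigning through the class, `type(self).token_name, type(self).token_password = get_hsm_token(self.master)`, would keep teardown consistent and make the explicit `token_name=` argument to sync_tokens unnecessary. The two replica tests that follow also rely on the file written here, so they cannot run on their own; a short comment stating that ordering dependency would help.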
|
|
@@ -321,7 +371,7 @@ class TestHSMInstallADTrustBase(BaseHSMTest):
|
|
check_version(self.master)
|
|
tasks.install_replica(
|
|
self.master, self.replicas[0], setup_ca=True,
|
|
- setup_adtrust=True, setup_kra=True, setup_dns=True,
|
|
+ setup_adtrust=False, setup_kra=True, setup_dns=True,
|
|
nameservers='master' if self.master_with_dns else None,
|
|
extra_args=('--token-password', self.token_password,)
|
|
)
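Review bot: `setup_adtrust=False` in TestHSMInstallADTrustBase is not explained by the commit message, which only covers --token-password-file, and it leaves the replica install in an AD-trust test class running without AD trust. If this is a deliberate workaround, a comment above the call such as `# adtrust disabled on the replica: <reason / issue link>` would keep it from being reverted and make the reduced coverage visible. The enclosing test method starts outside the hunk.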
|
|
@@ -356,7 +406,8 @@ class TestHSMcertRenewal(BaseHSMTest):
|
|
'auditSigningCert cert-pki-ca': 'caauditSigningCert'
|
|
}
|
|
CA_TRACKING_REQS.update(KRA_TRACKING_REQS)
|
|
- self.master.put_file_contents('/tmp/token_passwd', self.token_password)
|
|
+ self.master.put_file_contents(self.token_password_file,
|
|
+ self.token_password)
|
|
for nickname in CA_TRACKING_REQS:
|
|
cert = tasks.certutil_fetch_cert(
|
|
self.master,
|
|
@@ -772,6 +823,7 @@ class TestHSMcertFixReplica(BaseHSMTest):
|
|
class TestHSMNegative(IntegrationTest):
|
|
|
|
master_with_dns = False
|
|
+ token_password_file = '/tmp/token_password'
|
|
|
|
@classmethod
|
|
def install(cls, mh):
|
|
@@ -792,7 +844,6 @@ class TestHSMNegative(IntegrationTest):
|
|
'--token-password', self.token_password
|
|
)
|
|
)
|
|
- # assert 'error message non existing token name' in result.stderr_text
|
|
assert result.returncode != 0
|
|
|
|
# wrong token password
|
|
@@ -804,7 +855,6 @@ class TestHSMNegative(IntegrationTest):
|
|
'--token-password', 'token_passwd'
|
|
)
|
|
)
|
|
- # assert 'error message wrong passwd' in result.stderr_text
|
|
assert result.returncode != 0
|
|
|
|
# wrong token lib
|
|
@@ -816,7 +866,6 @@ class TestHSMNegative(IntegrationTest):
|
|
'--token-password', self.token_password
|
|
)
|
|
)
|
|
- # assert 'error message non existing token lib' in result.stderr_text
|
|
assert result.returncode != 0
|
|
|
|
def test_hsm_negative_special_char_token_name(self):
|
|
@@ -842,7 +891,27 @@ class TestHSMNegative(IntegrationTest):
|
|
'--token-password', token_passwd
|
|
)
|
|
)
|
|
- # assert 'error message non existing token lib' in result.stderr_text
|
|
+ assert result.returncode != 0
|
|
+
|
|
+ def test_hsm_negative_token_password_and_file(self):
|
|
+ """Test token-password and token-password-file at same time
|
|
+
|
|
+ Test if command fails when --token-password and --token-password-file
|
|
+ provided at the same time results into command failure.
|
|
+ """
|
|
+ check_version(self.master)
|
|
+ self.master.put_file_contents(
|
|
+ self.token_password_file, self.token_password
|
|
+ )
|
|
+ result = tasks.install_master(
|
|
+ self.master, raiseonerr=False,
|
|
+ extra_args=(
|
|
+ '--token-name', self.token_name,
|
|
+ '--token-library-path', hsm_lib_path,
|
|
+ '--token-password', self.token_password,
|
|
+ '--token-password-file', self.token_password_file
|
|
+ )
|
|
+ )
|
|
assert result.returncode != 0
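Review bot: test_hsm_negative_token_password_and_file asserts only `result.returncode != 0`, so it passes on any install failure (leftover state, a bad token, a missing library) and not specifically because the two password options were rejected together. Checking the error text as well, e.g. `assert "<expected mutual-exclusion message>" in result.stderr_text`, would pin the behaviour under test. The same applies to the assert added at the top of this hunk for the special-character token name case. The password file written at the start of the test is not removed in the visible lines. The docstring sentence "Test if command fails when ... results into command failure" could read "Verify that the install fails when --token-password and --token-password-file are given together."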
|
|
|
|
|
|
--
|
|
2.45.2
|
|
|